The Internal Communication Platform that plugs into Outlook.

Security

Because your data is your data. We protect it.

PoliteMail works to limit vulnerabilities through routine, industry standard operational procedures and regular analysis of the overall systems and application attack surface.

We protect your data by applying least privilege principles, restricting access to systems, services and data, employing a layered defense model and establishing a regime of testing, monitoring and analysis.

We utilize employee confidentiality agreements and require role-based security awareness training so each employee understands their role in delivering customer data security and privacy. We review these security role assignments at least quarterly and perform annual security assessments to

Keep your email data safe.

Because PoliteMail specializes in internal communications, we understand the messages are not public information, which is why we process but never store email messages within our system. We also understand that your employee names and email addresses are considered personally identifiable information (PII) and deserve the same level of protection as any other confidential information. Learn more about how our email measurement technology works, and what data is stored.

Meet security and compliance requirements.

Because PoliteMail specializes in internal communications, we understand the messages are not public information, which is why we process but never store email messages within our system. We also understand that your employee names and email addresses are personally identifiable information (PII), so securing the data and enabling privacy controls are top priorities.

Because PoliteMail provides corporate and enterprise solutions, we offer dedicated cloud services and on-premise software instead of the typical shared, multi-tenant environment. This enables complete isolation of your email data processing system from any other customer, and allows for custom security configurations if required, such as certificate based connectivity, IP restrictions, and VPNs.

Unlike most SaaS providers, PoliteMail provides our large corporate and enterprise customers with dedicated, fully managed cloud infrastructure. Why is this important? Dedicated servers provide more security control and better performance. The only email and data running through these servers will be generated by your authorized users, and every connection can be restricted using a standard WAF, IP restrictions, or certificate-based authentication protocols.

99.97% average uptime in 2017

0% security incidents

99.9% uptime guarantee

Tier 1 Cloud Services Hosting Providers

On-Premise Software option

All Customer Data stored on redundant storage

Real-time monitoring of application systems and services

Access Management & Controls

Following least privilege principles, access control to production systems within our virtual private cloud network services environments is restricted by security groups and access control lists. Production system access is further limited by requiring domain login with specific IP restrictions and multi-factor authentication for administrative users.

Baseline security analysis performed on every new and updated environment.

Windows systems and security updates downloaded automatically upon release, installed during nightly maintenance windows

End to end encryption and key management

End-point protection enabled

Real-time services and event monitoring

User Authentication

Application user identity and access management is controlled by the application user Admin role. User accounts are set up within the application. When users install the PoliteMail for Outlook COM add-in, they make an initial connection to the PoliteMail application server with their provided credentials. From that point, each time they log in to Outlook, they have access to the software.

Data Encryption

While the PoliteMail application primarily stores recipient names and email addresses, this data is considered personally identifiable information and is protected as customer confidential information. Encryption at all levels reduces the customer data attack surface area. Although encryption does not provide complete isolation of data from systems administrators, we have employed multi-level access controls with separation of key access, systems access and data access to further reduce risk.

Logs are continuously monitored for high priority events and codes; exceptions are escalated to administrators through Event Viewer and manually reviewed.

Application system health page available to customers

Software Lifecycle Security

Application security starts with development. Our products are all developed on the Microsoft Team Foundation Server platform with standard C#, .NET, SQL backend code and a React/TypeScript/JavaScript front end. Our developers are trained in security awareness, use only authorized tools and libraries, perform threat modeling, and check their code during the design, implementation and testing phases against the OWASP Top 10 and SANS/CWE Top 25.

Routine static and dynamic code analysis

No open source

All development performed in-house

Manual review of all third-party libraries

No dynamic SQL (stored procedures only)

OWASP Zed Attack Proxy (ZAP) internal penetration testing on every build

All risks documented within our incident management system; all high and medium risk vulnerabilities remediated prior to release

Third party penetration tests on every major release, at least annually

Dev, Test and Production environments completely isolated, and access limited
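As an added illustration of the "no dynamic SQL (stored procedures only)" practice listed above, this C# snippet is not PoliteMail's code; it contrasts a query assembled from user input with a stored-procedure call that passes the same input as a typed parameter. The table `Recipients`, the procedure `dbo.usp_GetRecipientByEmail` and the parameter name are hypothetical.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient;

// Added example, not PoliteMail's code. "Recipients" and
// "dbo.usp_GetRecipientByEmail" are hypothetical names.
public static class RecipientLookup
{
    // Anti-pattern (what a "no dynamic SQL" rule rejects): the caller's
    // input is spliced into SQL text, so any quote or SQL token inside the
    // value becomes part of the statement instead of staying data.
    public static string DynamicSqlText(string email) =>
        $"SELECT Name FROM dbo.Recipients WHERE Email = '{email}'";

    // Preferred pattern: call a stored procedure with a typed parameter.
    // The input is sent to SQL Server as a bound NVARCHAR value, never
    // parsed as SQL, and the length cap rejects oversized input early.
    //
    // Hypothetical procedure this call targets (T-SQL):
    //   CREATE PROCEDURE dbo.usp_GetRecipientByEmail @Email NVARCHAR(320) AS
    //       SELECT Name FROM dbo.Recipients WHERE Email = @Email;
    public static string? GetRecipientName(SqlConnection conn, string email)
    {
        if (string.IsNullOrWhiteSpace(email) || email.Length > 320)
            throw new ArgumentException("invalid email value", nameof(email));

        using var cmd = new SqlCommand("dbo.usp_GetRecipientByEmail", conn)
        {
            CommandType = CommandType.StoredProcedure
        };
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 320).Value = email;

        // ExecuteScalar returns the first column of the first row, or null
        // when the procedure returns no rows.
        return cmd.ExecuteScalar() as string;
    }
}
```

Running `DynamicSqlText` on an address containing a single quote shows the quote landing inside the SQL text, which is exactly the condition the parameterized stored-procedure call avoids.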

Incident Response and Remediation Processes

PoliteMail has documented incident response plans which identify customer communication contacts, process and methodology, and are implemented if and when any data security or privacy incidents emerge. Remediation of all software security issues, support issues and cases, software defects and vulnerability assessment risks is accomplished using our standardized Team Foundation Server work item tracking and measurement process.

Availability control

PoliteMail has implemented suitable measures to ensure that Customer Data including Personal Data is protected from accidental destruction or loss. This is accomplished with the following controls:

Monitoring and Logging

PoliteMail leverages our cloud service partner's intrusion detection systems (IDS), and operates a security incident and event management (SIEM) system which combines commercial and custom tools to collect and examine its application use and system logs for anomalies and specific error codes.